package io.netty.handler.ssl;

import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.JdkApplicationProtocolNegotiator;
import io.netty.handler.ssl.SSLEngineTest;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import io.netty.handler.ssl.util.SelfSignedCertificate;
import io.netty.util.internal.EmptyArrays;
import java.io.File;
import java.security.Provider;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLHandshakeException;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.MethodSource;
import org.opentest4j.TestAbortedException;

/* loaded from: input_file:io/netty/handler/ssl/JdkSslEngineTest.class */
public class JdkSslEngineTest extends SSLEngineTest {
    private static final String PREFERRED_APPLICATION_LEVEL_PROTOCOL = "my-protocol-http2";
    private static final String FALLBACK_APPLICATION_LEVEL_PROTOCOL = "my-protocol-http1_1";
    private static final String APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE = "my-protocol-FOO";
    private Provider provider;

    /* loaded from: input_file:io/netty/handler/ssl/JdkSslEngineTest$JdkSSLEngineTestParam.class */
    private static final class JdkSSLEngineTestParam extends SSLEngineTest.SSLEngineTestParam {
        final ProviderType providerType;

        JdkSSLEngineTestParam(ProviderType providerType, SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) {
            super(sSLEngineTestParam.type(), sSLEngineTestParam.combo(), sSLEngineTestParam.delegate());
            this.providerType = providerType;
        }

        @Override // io.netty.handler.ssl.SSLEngineTest.SSLEngineTestParam
        public String toString() {
            return "JdkSSLEngineTestParam{type=" + type() + ", protocolCipherCombo=" + combo() + ", delegate=" + delegate() + ", providerType=" + this.providerType + '}';
        }
    }

    /* loaded from: input_file:io/netty/handler/ssl/JdkSslEngineTest$ProviderType.class */
    public enum ProviderType {
        ALPN_JAVA { // from class: io.netty.handler.ssl.JdkSslEngineTest.ProviderType.1
            @Override // io.netty.handler.ssl.JdkSslEngineTest.ProviderType
            boolean isAvailable() {
                return JdkAlpnSslUtils.supportsAlpn();
            }

            @Override // io.netty.handler.ssl.JdkSslEngineTest.ProviderType
            ApplicationProtocolConfig.Protocol protocol() {
                return ApplicationProtocolConfig.Protocol.ALPN;
            }

            @Override // io.netty.handler.ssl.JdkSslEngineTest.ProviderType
            Provider provider() {
                return null;
            }
        },
        ALPN_CONSCRYPT { // from class: io.netty.handler.ssl.JdkSslEngineTest.ProviderType.2
            private Provider provider;

            @Override // io.netty.handler.ssl.JdkSslEngineTest.ProviderType
            boolean isAvailable() {
                return Conscrypt.isAvailable();
            }

            @Override // io.netty.handler.ssl.JdkSslEngineTest.ProviderType
            ApplicationProtocolConfig.Protocol protocol() {
                return ApplicationProtocolConfig.Protocol.ALPN;
            }

            @Override // io.netty.handler.ssl.JdkSslEngineTest.ProviderType
            Provider provider() {
                try {
                    if (this.provider == null) {
                        this.provider = (Provider) Class.forName("org.conscrypt.OpenSSLProvider").getConstructor(new Class[0]).newInstance(new Object[0]);
                    }
                    return this.provider;
                } catch (Exception e) {
                    throw new IllegalStateException(e);
                }
            }
        };

        abstract boolean isAvailable();

        abstract ApplicationProtocolConfig.Protocol protocol();

        abstract Provider provider();

        final void activate(JdkSslEngineTest jdkSslEngineTest) {
            if (!isAvailable()) {
                throw JdkSslEngineTest.tlsExtensionNotFound(protocol());
            }
            jdkSslEngineTest.provider = provider();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/netty/handler/ssl/JdkSslEngineTest$SkipTestException.class */
    public static final class SkipTestException extends RuntimeException {
        private static final long serialVersionUID = 9214869217774035223L;

        SkipTestException(String str) {
            super(str);
        }
    }

    /* loaded from: input_file:io/netty/handler/ssl/JdkSslEngineTest$TestDelegatingSslContext.class */
    private static final class TestDelegatingSslContext extends DelegatingSslContext {
        private final SSLEngineTest.SSLEngineTestParam param;

        TestDelegatingSslContext(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam, SslContext sslContext) {
            super(sslContext);
            this.param = sSLEngineTestParam;
        }

        protected void initEngine(SSLEngine sSLEngine) {
            sSLEngine.setEnabledProtocols((String[]) this.param.protocols().toArray(EmptyArrays.EMPTY_STRINGS));
            sSLEngine.setEnabledCipherSuites((String[]) this.param.ciphers().toArray(EmptyArrays.EMPTY_STRINGS));
        }
    }

    public JdkSslEngineTest() {
        super(SslProvider.isTlsv13Supported(SslProvider.JDK));
    }

    List<JdkSSLEngineTestParam> newJdkParams() {
        List<SSLEngineTest.SSLEngineTestParam> newTestParams = newTestParams();
        ArrayList arrayList = new ArrayList();
        for (ProviderType providerType : ProviderType.values()) {
            Iterator<SSLEngineTest.SSLEngineTestParam> it = newTestParams.iterator();
            while (it.hasNext()) {
                arrayList.add(new JdkSSLEngineTestParam(providerType, it.next()));
            }
        }
        return arrayList;
    }

    @MethodSource({"newJdkParams"})
    @ParameterizedTest
    public void testTlsExtension(JdkSSLEngineTestParam jdkSSLEngineTestParam) throws Exception {
        try {
            jdkSSLEngineTestParam.providerType.activate(this);
            setupHandlers(jdkSSLEngineTestParam, failingNegotiator(jdkSSLEngineTestParam.providerType.protocol(), PREFERRED_APPLICATION_LEVEL_PROTOCOL));
            runTest();
        } catch (SkipTestException e) {
            throw new TestAbortedException("Not expected", e);
        }
    }

    @MethodSource({"newJdkParams"})
    @ParameterizedTest
    public void testTlsExtensionNoCompatibleProtocolsNoHandshakeFailure(JdkSSLEngineTestParam jdkSSLEngineTestParam) throws Exception {
        try {
            jdkSSLEngineTestParam.providerType.activate(this);
            setupHandlers(jdkSSLEngineTestParam, acceptingNegotiator(jdkSSLEngineTestParam.providerType.protocol(), APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE), acceptingNegotiator(jdkSSLEngineTestParam.providerType.protocol(), PREFERRED_APPLICATION_LEVEL_PROTOCOL));
            runTest(null);
        } catch (SkipTestException e) {
            throw new TestAbortedException("Not expected", e);
        }
    }

    @MethodSource({"newJdkParams"})
    @ParameterizedTest
    public void testTlsExtensionNoCompatibleProtocolsClientHandshakeFailure(JdkSSLEngineTestParam jdkSSLEngineTestParam) throws Exception {
        try {
            jdkSSLEngineTestParam.providerType.activate(this);
            SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
            setupHandlers(jdkSSLEngineTestParam.type(), jdkSSLEngineTestParam.delegate(), new TestDelegatingSslContext(jdkSSLEngineTestParam, new JdkSslServerContext(jdkSSLEngineTestParam.providerType.provider(), selfSignedCertificate.certificate(), selfSignedCertificate.privateKey(), (String) null, (Iterable) null, IdentityCipherSuiteFilter.INSTANCE, new JdkAlpnApplicationProtocolNegotiator(new JdkApplicationProtocolNegotiator.ProtocolSelectorFactory() { // from class: io.netty.handler.ssl.JdkSslEngineTest.1
                public JdkApplicationProtocolNegotiator.ProtocolSelector newSelector(SSLEngine sSLEngine, Set<String> set) {
                    return new JdkApplicationProtocolNegotiator.ProtocolSelector() { // from class: io.netty.handler.ssl.JdkSslEngineTest.1.1
                        public void unsupported() {
                        }

                        public String select(List<String> list) {
                            return JdkSslEngineTest.APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE;
                        }
                    };
                }
            }, JdkBaseApplicationProtocolNegotiator.FAIL_SELECTION_LISTENER_FACTORY, new String[]{APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE}), 0L, 0L, (String) null)), new TestDelegatingSslContext(jdkSSLEngineTestParam, new JdkSslClientContext(jdkSSLEngineTestParam.providerType.provider(), (File) null, InsecureTrustManagerFactory.INSTANCE, (Iterable) null, IdentityCipherSuiteFilter.INSTANCE, new JdkAlpnApplicationProtocolNegotiator(true, true, new String[]{PREFERRED_APPLICATION_LEVEL_PROTOCOL}), 0L, 0L)));
            Assertions.assertTrue(this.clientLatch.await(2L, TimeUnit.SECONDS));
            Assertions.assertTrue((this.clientException instanceof SSLHandshakeException) || this.clientException == null);
        } catch (SkipTestException e) {
            throw new TestAbortedException("Not expected", e);
        }
    }

    @MethodSource({"newJdkParams"})
    @ParameterizedTest
    public void testTlsExtensionNoCompatibleProtocolsServerHandshakeFailure(JdkSSLEngineTestParam jdkSSLEngineTestParam) throws Exception {
        try {
            jdkSSLEngineTestParam.providerType.activate(this);
            setupHandlers(jdkSSLEngineTestParam, failingNegotiator(jdkSSLEngineTestParam.providerType.protocol(), APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE), acceptingNegotiator(jdkSSLEngineTestParam.providerType.protocol(), PREFERRED_APPLICATION_LEVEL_PROTOCOL));
            Assertions.assertTrue(this.serverLatch.await(2L, TimeUnit.SECONDS));
            Assertions.assertTrue(this.serverException instanceof SSLHandshakeException);
        } catch (SkipTestException e) {
            throw new TestAbortedException("Not expected", e);
        }
    }

    @MethodSource({"newJdkParams"})
    @ParameterizedTest
    public void testAlpnCompatibleProtocolsDifferentClientOrder(JdkSSLEngineTestParam jdkSSLEngineTestParam) throws Exception {
        try {
            jdkSSLEngineTestParam.providerType.activate(this);
            setupHandlers(jdkSSLEngineTestParam, failingNegotiator(ApplicationProtocolConfig.Protocol.ALPN, PREFERRED_APPLICATION_LEVEL_PROTOCOL, FALLBACK_APPLICATION_LEVEL_PROTOCOL), acceptingNegotiator(ApplicationProtocolConfig.Protocol.ALPN, FALLBACK_APPLICATION_LEVEL_PROTOCOL, PREFERRED_APPLICATION_LEVEL_PROTOCOL));
            Assertions.assertNull(this.serverException);
            runTest(PREFERRED_APPLICATION_LEVEL_PROTOCOL);
        } catch (SkipTestException e) {
            throw new TestAbortedException("Not expected", e);
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testEnablingAnAlreadyDisabledSslProtocol(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        testEnablingAnAlreadyDisabledSslProtocol(sSLEngineTestParam, new String[0], new String[]{"TLSv1.2"});
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    @MethodSource({"newTestParams"})
    @Disabled
    @ParameterizedTest
    public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    @MethodSource({"newTestParams"})
    @Disabled
    @ParameterizedTest
    public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.netty.handler.ssl.SSLEngineTest
    public boolean mySetupMutualAuthServerIsValidException(Throwable th) {
        return super.mySetupMutualAuthServerIsValidException(th) || causedBySSLException(th);
    }

    private void runTest() throws Exception {
        runTest(PREFERRED_APPLICATION_LEVEL_PROTOCOL);
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    protected SslProvider sslClientProvider() {
        return SslProvider.JDK;
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    protected SslProvider sslServerProvider() {
        return SslProvider.JDK;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.netty.handler.ssl.SSLEngineTest
    public Provider clientSslContextProvider() {
        return this.provider;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.netty.handler.ssl.SSLEngineTest
    public Provider serverSslContextProvider() {
        return this.provider;
    }

    private static ApplicationProtocolConfig failingNegotiator(ApplicationProtocolConfig.Protocol protocol, String... strArr) {
        return new ApplicationProtocolConfig(protocol, ApplicationProtocolConfig.SelectorFailureBehavior.FATAL_ALERT, ApplicationProtocolConfig.SelectedListenerFailureBehavior.FATAL_ALERT, strArr);
    }

    private static ApplicationProtocolConfig acceptingNegotiator(ApplicationProtocolConfig.Protocol protocol, String... strArr) {
        return new ApplicationProtocolConfig(protocol, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, strArr);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static SkipTestException tlsExtensionNotFound(ApplicationProtocolConfig.Protocol protocol) {
        throw new SkipTestException(protocol + " not on classpath");
    }
}
